CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-27731

Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the lack of file type filtering in the file attachment parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 24.5%

CVSS Severity

CVSS v3 Score 6.1

References

https://github.com/friendica/friendica/pull/13927
https://leo.oliver.nz/posts/2024/05/friendica-cve-disclosures/

Products affected by CVE-2024-27731

Friendica » Friendica » Version: 2023.12

cpe:2.3:a:friendica:friendica:2023.12

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-27731

Products

Pricing

Contact Us